...

Source file src/github.com/google/go-github/v55/github/dependabot_alerts.go

Documentation: github.com/google/go-github/v55/github

     1  // Copyright 2022 The go-github AUTHORS. All rights reserved.
     2  //
     3  // Use of this source code is governed by a BSD-style
     4  // license that can be found in the LICENSE file.
     5  
     6  package github
     7  
     8  import (
     9  	"context"
    10  	"fmt"
    11  )
    12  
// Dependency represents the vulnerable dependency.
//
// All three fields are pointers tagged omitempty, so any of them can be nil;
// check for nil before dereferencing.
type Dependency struct {
	Package      *VulnerabilityPackage `json:"package,omitempty"`
	ManifestPath *string               `json:"manifest_path,omitempty"`
	Scope        *string               `json:"scope,omitempty"`
}
    19  
// AdvisoryCVSS represents the advisory pertaining to the Common Vulnerability Scoring System.
//
// Score is a *float64, so a nil Score (no score supplied) is distinguishable
// from a score of 0. Code that ranks or filters alerts by score should handle
// the nil case explicitly rather than treating it as zero.
type AdvisoryCVSS struct {
	Score        *float64 `json:"score,omitempty"`
	VectorString *string  `json:"vector_string,omitempty"`
}
    25  
// AdvisoryCWEs represents the advisory pertaining to Common Weakness Enumeration.
//
// Each value carries one CWEID and one Name; DependabotSecurityAdvisory.CWEs
// holds a slice of these. Both fields are pointers and may be nil.
type AdvisoryCWEs struct {
	CWEID *string `json:"cwe_id,omitempty"`
	Name  *string `json:"name,omitempty"`
}
    31  
// DependabotSecurityAdvisory represents the GitHub Security Advisory.
//
// Every scalar field is a pointer tagged omitempty and may be nil, and the
// slice fields may be empty. Nothing in this struct requires CVEID to be set
// alongside GHSAID, so consumers that correlate advisories should not key on
// CVEID alone. NOTE(review): confirm against the API docs which identifiers
// are guaranteed.
//
// WithdrawnAt presumably is non-nil only for advisories that were withdrawn;
// verify before using it to suppress findings.
type DependabotSecurityAdvisory struct {
	GHSAID          *string                  `json:"ghsa_id,omitempty"`
	CVEID           *string                  `json:"cve_id,omitempty"`
	Summary         *string                  `json:"summary,omitempty"`
	Description     *string                  `json:"description,omitempty"`
	Vulnerabilities []*AdvisoryVulnerability `json:"vulnerabilities,omitempty"`
	Severity        *string                  `json:"severity,omitempty"`
	CVSS            *AdvisoryCVSS            `json:"cvss,omitempty"`
	CWEs            []*AdvisoryCWEs          `json:"cwes,omitempty"`
	Identifiers     []*AdvisoryIdentifier    `json:"identifiers,omitempty"`
	References      []*AdvisoryReference     `json:"references,omitempty"`
	PublishedAt     *Timestamp               `json:"published_at,omitempty"`
	UpdatedAt       *Timestamp               `json:"updated_at,omitempty"`
	WithdrawnAt     *Timestamp               `json:"withdrawn_at,omitempty"`
}
    48  
// DependabotAlert represents a Dependabot alert.
//
// All fields are pointers tagged omitempty, so each is nil when it was not
// set; check for nil before dereferencing, including the nested Dependency
// and SecurityAdvisory values.
//
// DismissedAt, DismissedBy, DismissedReason and DismissedComment presumably
// record a manual dismissal, and AutoDismissedAt an automatic one — confirm
// against the API docs. When auditing why an alert is no longer open, read
// these together with State and FixedAt rather than relying on State alone.
type DependabotAlert struct {
	Number                *int                        `json:"number,omitempty"`
	State                 *string                     `json:"state,omitempty"`
	Dependency            *Dependency                 `json:"dependency,omitempty"`
	SecurityAdvisory      *DependabotSecurityAdvisory `json:"security_advisory,omitempty"`
	SecurityVulnerability *AdvisoryVulnerability      `json:"security_vulnerability,omitempty"`
	URL                   *string                     `json:"url,omitempty"`
	HTMLURL               *string                     `json:"html_url,omitempty"`
	CreatedAt             *Timestamp                  `json:"created_at,omitempty"`
	UpdatedAt             *Timestamp                  `json:"updated_at,omitempty"`
	DismissedAt           *Timestamp                  `json:"dismissed_at,omitempty"`
	DismissedBy           *User                       `json:"dismissed_by,omitempty"`
	DismissedReason       *string                     `json:"dismissed_reason,omitempty"`
	DismissedComment      *string                     `json:"dismissed_comment,omitempty"`
	FixedAt               *Timestamp                  `json:"fixed_at,omitempty"`
	AutoDismissedAt       *Timestamp                  `json:"auto_dismissed_at,omitempty"`
	// The repository is always empty for events
	Repository *Repository `json:"repository,omitempty"`
}
    69  
// ListAlertsOptions specifies the optional parameters to the DependabotService.ListRepoAlerts
// and DependabotService.ListOrgAlerts methods.
//
// listAlerts hands this struct to addOptions together with the request path;
// the url tags presumably become query parameters there (addOptions is
// defined outside this file). The filter values are forwarded as given:
// nothing in this file checks them against a list of accepted values.
//
// A nil pointer field is omitted (omitempty). The embedded ListOptions and
// ListCursorOptions supply the paging parameters; a single List* call issues
// one request, so paging through these is needed to see more than one
// response's worth of alerts.
type ListAlertsOptions struct {
	State     *string `url:"state,omitempty"`
	Severity  *string `url:"severity,omitempty"`
	Ecosystem *string `url:"ecosystem,omitempty"`
	Package   *string `url:"package,omitempty"`
	Scope     *string `url:"scope,omitempty"`
	Sort      *string `url:"sort,omitempty"`
	Direction *string `url:"direction,omitempty"`

	ListOptions
	ListCursorOptions
}
    84  
// listAlerts fetches Dependabot alerts from the API path in url; the exported
// ListRepoAlerts and ListOrgAlerts methods build that path and delegate here.
//
// Exactly one GET request is sent, so the returned slice holds only what that
// single response contained. opts is passed to addOptions along with url;
// neither url nor the option values are validated in this function.
//
// If the request cannot be built, the returned *Response is nil. If
// s.client.Do fails, its *Response is returned together with the error and
// the alert slice is nil.
func (s *DependabotService) listAlerts(ctx context.Context, url string, opts *ListAlertsOptions) ([]*DependabotAlert, *Response, error) {
	endpoint, err := addOptions(url, opts)
	if err != nil {
		return nil, nil, err
	}

	request, err := s.client.NewRequest("GET", endpoint, nil)
	if err != nil {
		return nil, nil, err
	}

	// Kept as a nil slice until Do fills it in.
	var found []*DependabotAlert
	response, err := s.client.Do(ctx, request, &found)
	if err != nil {
		// Drop any partially decoded result on failure.
		return nil, response, err
	}

	return found, response, nil
}
   104  
// ListRepoAlerts returns Dependabot alerts for the repository owner/repo.
//
// It makes one request through listAlerts, so a call yields the alerts of a
// single response rather than necessarily every alert; ListAlertsOptions
// embeds ListOptions and ListCursorOptions for selecting further pages.
//
// owner and repo are formatted into the request path verbatim with %v; this
// method neither escapes nor validates them. Callers passing values that
// originate from untrusted input should check them first (for example,
// reject "/" and ".." segments) so the request cannot be steered to a
// different API path.
//
// GitHub API docs: https://docs.github.com/en/rest/dependabot/alerts#list-dependabot-alerts-for-a-repository
func (s *DependabotService) ListRepoAlerts(ctx context.Context, owner, repo string, opts *ListAlertsOptions) ([]*DependabotAlert, *Response, error) {
	return s.listAlerts(ctx, fmt.Sprintf("repos/%v/%v/dependabot/alerts", owner, repo), opts)
}
   112  
// ListOrgAlerts returns Dependabot alerts for the organization org.
//
// It makes one request through listAlerts, so a call yields the alerts of a
// single response rather than necessarily every alert; ListAlertsOptions
// embeds ListOptions and ListCursorOptions for selecting further pages.
//
// org is formatted into the request path verbatim with %v; this method
// neither escapes nor validates it. Callers passing a value that originates
// from untrusted input should check it first (for example, reject "/" and
// ".." segments) so the request cannot be steered to a different API path.
//
// GitHub API docs: https://docs.github.com/en/rest/dependabot/alerts#list-dependabot-alerts-for-an-organization
func (s *DependabotService) ListOrgAlerts(ctx context.Context, org string, opts *ListAlertsOptions) ([]*DependabotAlert, *Response, error) {
	return s.listAlerts(ctx, fmt.Sprintf("orgs/%v/dependabot/alerts", org), opts)
}
   120  
// GetRepoAlert fetches the Dependabot alert with the given number from the
// repository owner/repo.
//
// owner, repo and number are formatted into the request path verbatim with
// %v; this method neither escapes nor validates owner and repo. Callers
// passing values that originate from untrusted input should check them first
// (for example, reject "/" and ".." segments) so the request cannot be
// steered to a different API path.
//
// If the request cannot be built, the returned *Response is nil. If
// s.client.Do fails, its *Response is returned together with the error and
// the alert is nil.
//
// GitHub API docs: https://docs.github.com/en/rest/dependabot/alerts#get-a-dependabot-alert
func (s *DependabotService) GetRepoAlert(ctx context.Context, owner, repo string, number int) (*DependabotAlert, *Response, error) {
	endpoint := fmt.Sprintf("repos/%v/%v/dependabot/alerts/%v", owner, repo, number)

	request, err := s.client.NewRequest("GET", endpoint, nil)
	if err != nil {
		return nil, nil, err
	}

	result := &DependabotAlert{}
	response, err := s.client.Do(ctx, request, result)
	if err != nil {
		// Drop any partially decoded alert on failure.
		return nil, response, err
	}

	return result, response, nil
}
   139  
